LogoCloudflare API

Firewall

Firewall

Firewall

Access Rules

Firewall.AccessRules

Methods

list(, ):
V4PagePaginationArray
<
AccessRuleListResponse
>
get/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules

Fetches IP Access rules of an account or zone. These rules apply to all the zones in the account or zone. You can filter the results using several optional parameters.

get(, , ):
AccessRuleGetResponse
get/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}

Fetches the details of an IP Access rule defined.

create(, ):
AccessRuleCreateResponse
post/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules

Creates a new IP Access rule for an account or zone. The rule will apply to all zones in the account or zone.

Note: To create an IP Access rule that applies to a single zone, refer to the IP Access rules for a zone endpoints.

Security

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example: Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

Accepted Permissions (at least one required)

Account Firewall Access Rules Write

Parameters
params:
AccessRuleCreateParams
configuration:
AccessRuleIPConfiguration
|
IPV6Configuration
|
AccessRuleCIDRConfiguration
| 2 more...

Body param: The rule configuration.

mode: "block" | "challenge" | "whitelist" | 2 more...

Body param: The action to apply to a matched request.

account_id?: string

Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

zone_id?: string

Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

notes?: string

Body param: An informative summary of the rule, typically used as a reminder or explanation.

Returns
AccessRuleCreateResponse{
id: string
(maxLength: 32)

The unique identifier of the IP Access rule.

allowed_modes: Array<"block" | "challenge" | "whitelist" | 2 more...>

The available actions that a rule can apply to a matched request.

configuration:
AccessRuleIPConfiguration
|
IPV6Configuration
|
AccessRuleCIDRConfiguration
| 2 more...

The rule configuration.

mode: "block" | "challenge" | "whitelist" | 2 more...

The action to apply to a matched request.

created_on?: string
(format: date-time)

The timestamp of when the rule was created.

modified_on?: string
(format: date-time)

The timestamp of when the rule was last modified.

notes?: string

An informative summary of the rule, typically used as a reminder or explanation.

scope?:
Scope

All zones owned by the user will have the rule applied.

Request example
200Example
edit(, , ):
AccessRuleEditResponse
patch/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}

Updates an IP Access rule defined.

Note: This operation will affect all zones in the account or zone.

delete(, , ):
AccessRuleDeleteResponse
| null
delete/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}

Deletes an existing IP Access rule defined.

Note: This operation will affect all zones in the account or zone.

Domain types

AccessRuleCIDRConfiguration{…}
AccessRuleIPConfiguration{…}
ASNConfiguration{…}
CountryConfiguration{…}
IPV6Configuration{…}
Firewall

Lockdowns

Firewall.Lockdowns

Methods

list(, ):
V4PagePaginationArray
<
Lockdown
>
get/zones/{zone_id}/firewall/lockdowns

Fetches Zone Lockdown rules. You can filter the results using several optional parameters.

get(, , ):
Lockdown
get/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}

Fetches the details of a Zone Lockdown rule.

create(, ):
Lockdown
post/zones/{zone_id}/firewall/lockdowns

Creates a new Zone Lockdown rule.

update(, , ):
Lockdown
put/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}

Updates an existing Zone Lockdown rule.

delete(, , ):
LockdownDeleteResponse
delete/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}

Deletes an existing Zone Lockdown rule.

Domain types

Configuration = Array<
LockdownIPConfiguration
|
LockdownCIDRConfiguration
>

A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of ip or ip_range configurations.

Lockdown{…}
LockdownCIDRConfiguration{…}
LockdownIPConfiguration{…}
LockdownURL = string
Firewall

Rules

Firewall.Rules

Methods

list(, ):
V4PagePaginationArray
<
FirewallRule
>
Deprecated
get/zones/{zone_id}/firewall/rules

Deprecated

The Firewall Rules API is deprecated in favour of using the Ruleset Engine. See https://developers.cloudflare.com/fundamentals/api/reference/deprecations/#firewall-rules-api-and-filters-api for full details.

Fetches firewall rules in a zone. You can filter the results using several optional parameters.

get(, , ):
FirewallRule
Deprecated
get/zones/{zone_id}/firewall/rules/{rule_id}

Deprecated

The Firewall Rules API is deprecated in favour of using the Ruleset Engine. See https://developers.cloudflare.com/fundamentals/api/reference/deprecations/#firewall-rules-api-and-filters-api for full details.

Fetches the details of a firewall rule.

create(, ):
SinglePage
<
FirewallRule
>
Deprecated
post/zones/{zone_id}/firewall/rules

Deprecated

The Firewall Rules API is deprecated in favour of using the Ruleset Engine. See https://developers.cloudflare.com/fundamentals/api/reference/deprecations/#firewall-rules-api-and-filters-api for full details.

Create one or more firewall rules.

update(, , ):
FirewallRule
Deprecated
put/zones/{zone_id}/firewall/rules/{rule_id}

Deprecated

The Firewall Rules API is deprecated in favour of using the Ruleset Engine. See https://developers.cloudflare.com/fundamentals/api/reference/deprecations/#firewall-rules-api-and-filters-api for full details.

Updates an existing firewall rule.

edit(, , ):
SinglePage
<
FirewallRule
>
Deprecated
patch/zones/{zone_id}/firewall/rules/{rule_id}

Deprecated

The Firewall Rules API is deprecated in favour of using the Ruleset Engine. See https://developers.cloudflare.com/fundamentals/api/reference/deprecations/#firewall-rules-api-and-filters-api for full details.

Updates the priority of an existing firewall rule.

delete(, , ):
FirewallRule
Deprecated
delete/zones/{zone_id}/firewall/rules/{rule_id}

Deprecated

The Firewall Rules API is deprecated in favour of using the Ruleset Engine. See https://developers.cloudflare.com/fundamentals/api/reference/deprecations/#firewall-rules-api-and-filters-api for full details.

Deletes an existing firewall rule.

bulkUpdate(, ):
SinglePage
<
FirewallRule
>
Deprecated
put/zones/{zone_id}/firewall/rules

Deprecated

The Firewall Rules API is deprecated in favour of using the Ruleset Engine. See https://developers.cloudflare.com/fundamentals/api/reference/deprecations/#firewall-rules-api-and-filters-api for full details.

Updates one or more existing firewall rules.

bulkEdit(, ):
SinglePage
<
FirewallRule
>
Deprecated
patch/zones/{zone_id}/firewall/rules

Deprecated

The Firewall Rules API is deprecated in favour of using the Ruleset Engine. See https://developers.cloudflare.com/fundamentals/api/reference/deprecations/#firewall-rules-api-and-filters-api for full details.

Updates the priority of existing firewall rules.

bulkDelete(, ):
SinglePage
<
FirewallRule
>
Deprecated
delete/zones/{zone_id}/firewall/rules

Deprecated

The Firewall Rules API is deprecated in favour of using the Ruleset Engine. See https://developers.cloudflare.com/fundamentals/api/reference/deprecations/#firewall-rules-api-and-filters-api for full details.

Deletes existing firewall rules.

Domain types

DeletedFilter{…}
FirewallRule{…}
Product = "zoneLockdown" | "uaBlock" | "bic" | 4 more...

A list of products to bypass for a request when using the bypass action.

Firewall

UA Rules

Firewall.UARules

Methods

list(, ):
V4PagePaginationArray
<
UARuleListResponse
>
get/zones/{zone_id}/firewall/ua_rules

Fetches User Agent Blocking rules in a zone. You can filter the results using several optional parameters.

get(, , ):
UARuleGetResponse
get/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}

Fetches the details of a User Agent Blocking rule.

create(, ):
UARuleCreateResponse
post/zones/{zone_id}/firewall/ua_rules

Creates a new User Agent Blocking rule in a zone.

update(, , ):
UARuleUpdateResponse
put/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}

Updates an existing User Agent Blocking rule.

delete(, , ):
UARuleDeleteResponse
delete/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}

Deletes an existing User Agent Blocking rule.

Firewall

WAF

Firewall.WAF

FirewallWAF

Overrides

Firewall.WAF.Overrides

Methods

list(, ):
V4PagePaginationArray
<
Override
>
Deprecated
get/zones/{zone_id}/firewall/waf/overrides

Fetches the URI-based WAF overrides in a zone.

Note: Applies only to the previous version of WAF managed rules.

get(, , ):
Override
Deprecated
get/zones/{zone_id}/firewall/waf/overrides/{overrides_id}

Fetches the details of a URI-based WAF override.

Note: Applies only to the previous version of WAF managed rules.

create(, ):
Override
Deprecated
post/zones/{zone_id}/firewall/waf/overrides

Creates a URI-based WAF override for a zone.

Note: Applies only to the previous version of WAF managed rules.

update(, , ):
Override
Deprecated
put/zones/{zone_id}/firewall/waf/overrides/{overrides_id}

Updates an existing URI-based WAF override.

Note: Applies only to the previous version of WAF managed rules.

delete(, , ):
OverrideDeleteResponse
Deprecated
delete/zones/{zone_id}/firewall/waf/overrides/{overrides_id}

Deletes an existing URI-based WAF override.

Note: Applies only to the previous version of WAF managed rules.

Domain types

Override{…}
OverrideURL = string
RewriteAction{…}

Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object.

WAFRule = Record<string, "challenge" | "block" | "simulate" | 2 more...>

An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a groups object or a rules object.

FirewallWAF

Packages

Firewall.WAF.Packages

Methods

list(, ):
V4PagePaginationArray
<
PackageListResponse
>
Deprecated
get/zones/{zone_id}/firewall/waf/packages

Fetches WAF packages for a zone.

Note: Applies only to the previous version of WAF managed rules.

get(, , ):
PackageGetResponse
Deprecated
get/zones/{zone_id}/firewall/waf/packages/{package_id}

Fetches the details of a WAF package.

Note: Applies only to the previous version of WAF managed rules.

FirewallWAFPackages

Groups

Firewall.WAF.Packages.Groups

Methods

list(, , ):
V4PagePaginationArray
<
Group
>
Deprecated
get/zones/{zone_id}/firewall/waf/packages/{package_id}/groups

Fetches the WAF rule groups in a WAF package.

Note: Applies only to the previous version of WAF managed rules.

get(, , , ):
GroupGetResponse
Deprecated
get/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}

Fetches the details of a WAF rule group.

Note: Applies only to the previous version of WAF managed rules.

edit(, , , ):
GroupEditResponse
Deprecated
patch/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}

Updates a WAF rule group. You can update the state (mode parameter) of a rule group.

Note: Applies only to the previous version of WAF managed rules.

Domain types

Group{…}
FirewallWAFPackages

Rules

Firewall.WAF.Packages.Rules

Methods

list(, , ):
V4PagePaginationArray
<
RuleListResponse
>
Deprecated
get/zones/{zone_id}/firewall/waf/packages/{package_id}/rules

Fetches WAF rules in a WAF package.

Note: Applies only to the previous version of WAF managed rules.

get(, , , ):
RuleGetResponse
Deprecated
get/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}

Fetches the details of a WAF rule in a WAF package.

Note: Applies only to the previous version of WAF managed rules.

edit(, , , ):
RuleEditResponse
Deprecated
patch/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}

Updates a WAF rule. You can only update the mode/action of the rule.

Note: Applies only to the previous version of WAF managed rules.

Domain types

AllowedModesAnomaly = "on" | "off"

Defines the mode anomaly. When set to on, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules.

WAFRuleGroup{…}

Defines the rule group to which the current WAF rule belongs.